libbitcoin / libbitcoin-explorer

Bitcoin Command Line Tool

Shamir's secret sharing scheme #553

Open jakubtrnka opened 6 years ago

jakubtrnka commented 6 years ago

I suggest adding Shamir's secret sharing scheme as described in Satoshi Labs's SLIP0039.

My idea is to introduce a command that generates n Shamir's shares with a reconstruction threshold of m, with m<=n. Optionally with seed encryption using a passphrase.

mnemonic-to-sshare [-h] --count <n> --threshold <m> --language <lang> [--passphrase <psh>] [WORD]...
The command produces either m shares, each on a separate line, or Error: invalid mnemonic, or Error: threshold too large

The reverse command, restoring the mnemonic from Shamir's shares, would look like this:
sshare-to-mnemonic [-h] [--passphrase <psh>] --share [WORD]... --share [WORD]... [...]
The command produces either the mnemonic, or Error: inconsistent shares, Error: invalid share(s), or Error: not enough shares
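An added example, not part of the thread and not libbitcoin or SLIP-0039 code: a minimal byte-wise Shamir split and recover over GF(2^8), showing where the error cases listed above can come from. The `Share` layout and the `split`/`recover` names are assumptions; storing the threshold in every share is what allows recovery to report "not enough shares" instead of silently returning a wrong secret.

```cpp
#include <cstdint>
#include <random>
#include <stdexcept>
#include <string>
#include <vector>
using Bytes = std::vector<uint8_t>;
struct Share { uint8_t x, threshold; Bytes y; };  // hypothetical layout; each share records m
static uint8_t gf_mul(uint8_t a, uint8_t b) {     // GF(2^8) product mod x^8+x^4+x^3+x+1
    uint8_t p = 0;
    for (; b; b >>= 1, a = static_cast<uint8_t>((a << 1) ^ (a & 0x80 ? 0x1b : 0)))
        if (b & 1) p ^= a;
    return p;
}
static uint8_t gf_inv(uint8_t a) {  // a^254 is the inverse of any nonzero a
    uint8_t r = 1;
    for (int i = 0; i < 254; ++i) r = gf_mul(r, a);
    return r;
}
std::vector<Share> split(const Bytes& secret, unsigned n, unsigned m) {
    if (n == 0 || n > 255) throw std::invalid_argument("invalid share count");
    if (m == 0 || m > n) throw std::invalid_argument("threshold too large");
    std::random_device rng;  // assumption: OS-backed; use a vetted CSPRNG for real keys
    std::vector<Share> out;
    for (unsigned i = 1; i <= n; ++i)
        out.push_back({static_cast<uint8_t>(i), static_cast<uint8_t>(m), Bytes(secret.size())});
    for (std::size_t k = 0; k < secret.size(); ++k) {
        Bytes c(m); c[0] = secret[k];  // constant term is the secret byte
        for (unsigned j = 1; j < m; ++j) c[j] = static_cast<uint8_t>(rng());
        for (auto& s : out)            // Horner evaluation of the polynomial at x = s.x
            for (unsigned j = m; j-- > 0;) s.y[k] = static_cast<uint8_t>(gf_mul(s.y[k], s.x) ^ c[j]);
    }
    return out;
}
Bytes recover(const std::vector<Share>& in) {
    if (in.empty() || in.size() < in[0].threshold) throw std::runtime_error("not enough shares");
    Bytes secret(in[0].y.size(), 0);
    for (std::size_t i = 0; i < in.size(); ++i) {
        if (in[i].threshold != in[0].threshold || in[i].y.size() != secret.size())
            throw std::runtime_error("inconsistent shares");
        uint8_t num = 1, den = 1;  // Lagrange basis for share i evaluated at x = 0
        for (std::size_t j = 0; j < in.size(); ++j) if (j != i) {
            num = gf_mul(num, in[j].x);
            den = gf_mul(den, static_cast<uint8_t>(in[i].x ^ in[j].x));
        }
        if (in[i].x == 0 || den == 0) throw std::runtime_error("invalid share(s)");  // zero or duplicate x
        const uint8_t w = gf_mul(num, gf_inv(den));
        for (std::size_t k = 0; k < secret.size(); ++k) secret[k] ^= gf_mul(w, in[i].y[k]);
    }
    return secret;
}
```

This sketch carries no checksum, so a share whose y bytes were altered still recovers to some (wrong) secret without an error.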

evoskuil commented 6 years ago

Pull request?

jakubtrnka commented 6 years ago

It's not done yet. I wanted to ask first whether it was desirable. So I'll start working on that.

evoskuil commented 6 years ago

Yes! Though expect some feedback on interface and style. Note also that bx used source code generation. Maintainers can help with that once implemented if necessary.

evoskuil commented 6 years ago

I’m not too keen on the incorporation of both mnemonics and encryption into this single command. The result is far too complex in relation to the bx approach. We prefer to use composition vs. overloading. I haven’t looked at implementations, but we have existing commands for key encryption and mnemonics, so I assume we could compose with them to achieve the same features with less complexity and more flexibility.

evoskuil commented 6 years ago

Multi-valued outputs in bx are generally emitted as a property tree.

evoskuil commented 3 years ago

@jakubtrnka did you ever get anywhere with this? I still think it's a good idea.

jakubtrnka commented 3 years ago

Hello, back at the time I had some WIP, but the SLIP specification was also under development. Basically I stopped working on it when I realized the specification changed dramatically. In the meantime I think SatoshiLabs came up with a reference implementation. I also found a different approach to Shamir's concept here: https://iancoleman.io/shamir39/. I think I'd be able to code it in C++ as a separate project, but probably not able to integrate it into libbitcoin as I'm not a C++ developer and I have no knowledge of the library structure. If other people helped me with that I'd consider working on it.

evoskuil commented 3 years ago

Sounds great, let’s do it!